Microsoft: Iranian hackers caught 'password spraying' Office 365 accounts

Microsoft has recently revealed that a group of Iranian hackers has been attacking Office 365 accounts of various organizations and individuals using a technique called "password spraying." Password spraying is a type of brute force attack that involves trying common passwords against multiple usernames, hoping to find a match. 

Unlike traditional brute force attacks that try many passwords against a username, password spraying is less likely to result in account lockouts or security alerts.

According to Microsoft, Iranian hackers, nicknamed Phosphorus, have been conducting password-spraying campaigns since September 2020, targeting accounts of government agencies, think tanks, journalists, activists, academics, and other prominent figures.

Hackers have also used other methods to compromise accounts, such as phishing emails, credential theft, and malware. Microsoft estimates that Phosphorus has attempted to access the accounts of about 25,000 people in 76 countries over the past year.

Microsoft alerted affected customers and provided guidance on how to protect their accounts. The company also recommended some best practices to prevent password spraying attacks, such as enabling multi-factor authentication (MFA), using strong and unique passwords, and monitoring login activity. Microsoft has also urged customers to report any suspicious or malicious activity to its security team.

Password spraying is not a new threat, but it is becoming more frequent and sophisticated as hackers take advantage of the increased use of cloud services and remote work due to the COVID-19 pandemic. Organizations and individuals should be aware of the risks and take proactive steps to protect their online accounts and data.

Microsoft has issued an alert about a group of hackers, possibly affiliated with Iran, who have attempted to compromise Office 365 accounts by guessing passwords.

Hackers have targeted US, EU and Israeli defense companies working on “military-grade radars, drone technology, satellite systems and emergency response communications systems,” the company said in a blog post on Monday.

Microsoft said the hacking group has been conducting these "password spraying" attacks against 250 Office 365 "tenants." A tenant includes all of an organization's resources, such as user accounts, that are hosted on a service in the Microsoft cloud.

Microsoft has recently revealed that a hacking group linked to Iran has been attacking satellite imagery and maritime shipping companies in the Middle East. The group, which Microsoft calls DEV-0343, has been using password spraying attacks to compromise employee email accounts and gain access to sensitive information.

Password spraying attacks are a type of brute force attack that involves trying common passwords across a large number of email addresses. Attackers typically avoid triggering account lockouts by spreading attempts over time and across different IP addresses. Microsoft says DEV-0343 has been using this technique since at least July 2020 and has targeted organizations in the US, UK, Germany, India, and the United Arab Emirates.

According to Microsoft, the main objective of DEV-0343 is to support the interests of the Iranian government in the region, especially in the maritime sphere. The group has been interested in obtaining commercial satellite imagery and proprietary shipping data that could help Iran monitor its adversaries and plan for contingencies. Microsoft notes that Iran has a developing satellite program that faces challenges such as US sanctions and launch failures.

Microsoft warns that DEV-0343 is likely to continue its password spraying attacks and advises its customers to take preventive measures, such as enabling multi-factor authentication, using strong and unique passwords, and monitoring for suspicious login attempts. Microsoft also offers threat protection services that can help detect and respond to such attacks.
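
The login monitoring recommended above only catches spraying if failures are counted across the whole tenant, because each account and each source address sees very few attempts. The Python example below is added here for illustration and is not from Microsoft's post or this article; the log rows, field layout, and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed sign-in log rows: (time, user, source_ip, succeeded)."""
    t0 = datetime(2021, 1, 1, 9, 0)
    # 40 accounts get one failed guess each, every attempt from a new address.
    rows = [(t0 + timedelta(minutes=3 * i), f"user{i:02d}@example.com",
             f"198.51.100.{i + 1}", False) for i in range(40)]
    # Ordinary noise: one user mistypes a password three times, then signs in.
    rows += [(t0 + timedelta(minutes=m), "alice@example.com", "203.0.113.7", m == 3)
             for m in range(4)]
    return sorted(rows)

def counter_hits(events, field, threshold=5):
    """Keys (field 1 = account, 2 = source IP) with >= threshold failures."""
    fails = Counter(e[field] for e in events if not e[3])
    return sorted(k for k, n in fails.items() if n >= threshold)

def spray_windows(events, min_accounts=15, max_per_account=2):
    """Hourly buckets where many distinct accounts each fail only a few times.

    Failures are pooled across the whole tenant rather than per source IP.
    Returns (bucket_start, sprayed_account_count, distinct_source_ips).
    """
    buckets = defaultdict(list)
    for when, user, ip, ok in events:
        if not ok:
            buckets[when.replace(minute=0, second=0, microsecond=0)].append((user, ip))
    alerts = []
    for start in sorted(buckets):
        per_user = Counter(user for user, _ in buckets[start])
        low = {u for u, n in per_user.items() if n <= max_per_account}
        if len(low) >= min_accounts:
            ips = {ip for user, ip in buckets[start] if user in low}
            alerts.append((start, len(low), len(ips)))
    return alerts

if __name__ == "__main__":
    events = sample_events()
    print("per-account counter:", counter_hits(events, 1))
    print("per-IP counter:     ", counter_hits(events, 2))
    for alert in spray_windows(events):
        print("possible spray:", alert)
```

On the constructed data, the per-account and per-IP counters both stay silent, while the tenant-wide view flags both hours and leaves out the user who simply mistyped a password.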